1 | /* |
2 | * NetLabel NETLINK Interface | |
3 | * | |
4 | * This file defines the NETLINK interface for the NetLabel system. The | |
5 | * NetLabel system manages static and dynamic label mappings for network | |
6 | * protocols such as CIPSO and RIPSO. | |
7 | * | |
8 | * Author: Paul Moore <paul.moore@hp.com> | |
9 | * | |
10 | */ | |
11 | ||
12 | /* | |
13 | * (c) Copyright Hewlett-Packard Development Company, L.P., 2006 | |
14 | * | |
15 | * This program is free software; you can redistribute it and/or modify | |
16 | * it under the terms of the GNU General Public License as published by | |
17 | * the Free Software Foundation; either version 2 of the License, or | |
18 | * (at your option) any later version. | |
19 | * | |
20 | * This program is distributed in the hope that it will be useful, | |
21 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
22 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See | |
23 | * the GNU General Public License for more details. | |
24 | * | |
25 | * You should have received a copy of the GNU General Public License | |
26 | * along with this program; if not, write to the Free Software | |
27 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
28 | * | |
29 | */ | |
30 | ||
#include <linux/init.h>
#include <linux/types.h>
#include <linux/list.h>
#include <linux/socket.h>
#include <linux/slab.h>
#include <linux/audit.h>
#include <linux/tty.h>
#include <linux/security.h>
#include <net/sock.h>
#include <net/netlink.h>
#include <net/genetlink.h>
#include <net/netlabel.h>
#include <asm/bug.h>

#include "netlabel_mgmt.h"
#include "netlabel_unlabeled.h"
#include "netlabel_cipso_v4.h"
#include "netlabel_user.h"
48 | ||
49 | /* | |
50 | * NetLabel NETLINK Setup Functions | |
51 | */ | |
52 | ||
/**
 * netlbl_netlink_init - Initialize the NETLINK communication channel
 *
 * Description:
 * Register the Generic NETLINK families and commands of the NetLabel
 * components, in order: management, CIPSOv4, then unlabeled.  Stops at the
 * first component that fails and returns its error; returns zero when all
 * three registered.
 *
 * NOTE(review): on a failure part-way through, the families already
 * registered by the earlier calls are left in place - no teardown is done
 * here, so callers must not retry this blindly; confirm against the
 * component unregister paths.
 *
 */
int netlbl_netlink_init(void)
{
	int rc;

	rc = netlbl_mgmt_genl_init();
	if (rc == 0)
		rc = netlbl_cipsov4_genl_init();
	if (rc == 0)
		rc = netlbl_unlabel_genl_init();

	return rc;
}
80 | |
81 | /* | |
82 | * NetLabel Audit Functions | |
83 | */ | |
84 | ||
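/**
 * netlbl_audit_log_exe - Append the " exe=" path of the calling task
 * @audit_buf: audit buffer being built
 *
 * Description:
 * Walk the current task's memory map under mmap_sem and log, as " exe=",
 * the path of the first file-backed mapping flagged VM_EXECUTABLE.  Logs
 * nothing for a task without an mm or without such a mapping.
 *
 */
static void netlbl_audit_log_exe(struct audit_buffer *audit_buf)
{
	struct vm_area_struct *vma;

	if (current->mm == NULL)
		return;

	down_read(&current->mm->mmap_sem);
	for (vma = current->mm->mmap; vma != NULL; vma = vma->vm_next) {
		if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file) {
			audit_log_d_path(audit_buf,
					 " exe=",
					 vma->vm_file->f_dentry,
					 vma->vm_file->f_vfsmnt);
			break;
		}
	}
	up_read(&current->mm->mmap_sem);
}

/**
 * netlbl_audit_start_common - Start an audit message
 * @type: audit message type
 * @secid: LSM context ID
 *
 * Description:
 * Start an audit message using the type specified in @type and fill the audit
 * message with the fields common to all NetLabel audit messages: login uid,
 * uid, controlling tty, pid, command name, executable path and - when @secid
 * is non-zero and the LSM can map it - the subject context.  The buffer is
 * started with GFP_ATOMIC.  Returns a pointer to the audit buffer on success,
 * NULL on failure (including when audit_log_start() declines to start a
 * record); the caller must finish the record with audit_log_end().
 *
 */
struct audit_buffer *netlbl_audit_start_common(int type, u32 secid)
{
	struct audit_context *audit_ctx = current->audit_context;
	struct audit_buffer *audit_buf;
	uid_t audit_loginuid;
	const char *audit_tty;
	char audit_comm[sizeof(current->comm)];
	char *secctx;
	u32 secctx_len;

	audit_buf = audit_log_start(audit_ctx, GFP_ATOMIC, type);
	if (audit_buf == NULL)
		return NULL;

	audit_loginuid = audit_get_loginuid(audit_ctx);
	/* NOTE(review): signal->tty is dereferenced here without any lock,
	 * so a concurrent change of the controlling tty could race this
	 * read - confirm what the rest of the audit code does for this. */
	if (current->signal &&
	    current->signal->tty &&
	    current->signal->tty->name)
		audit_tty = current->signal->tty->name;
	else
		audit_tty = "(none)";
	get_task_comm(audit_comm, current);

	audit_log_format(audit_buf,
			 "netlabel: auid=%u uid=%u tty=%s pid=%d",
			 audit_loginuid,
			 current->uid,
			 audit_tty,
			 current->pid);
	/* the command name is user-chosen, so it goes through the
	 * untrusted-string logger rather than a plain %s */
	audit_log_format(audit_buf, " comm=");
	audit_log_untrustedstring(audit_buf, audit_comm);
	netlbl_audit_log_exe(audit_buf);

	if (secid != 0 &&
	    security_secid_to_secctx(secid, &secctx, &secctx_len) == 0) {
		audit_log_format(audit_buf, " subj=%s", secctx);
		/* security_secid_to_secctx() hands back a buffer it
		 * allocated for us; it was never released before, leaking
		 * one context string per audit record.  NOTE(review):
		 * confirm kfree() is the matching release for this tree's
		 * LSM hook. */
		kfree(secctx);
	}

	return audit_buf;
}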
151 | ||
/**
 * netlbl_audit_nomsg - Send an audit message without additional text
 * @type: audit message type
 * @secid: LSM context ID
 *
 * Description:
 * Emit an audit record of type @type carrying only the common NetLabel
 * fields produced by netlbl_audit_start_common() and no message-specific
 * text.  NOTE(review): when the record could not be started, the NULL it
 * returns is handed straight to audit_log_end(), which is assumed to
 * accept it - confirm.
 *
 */
void netlbl_audit_nomsg(int type, u32 secid)
{
	audit_log_end(netlbl_audit_start_common(type, secid));
}